|Trust No Program|
In several settings in the Sandboxie Ini configuration file, a program name can be specified. This tells the setting to take effect only for sandboxed processes that match the program name criteria.
The prefix is specified as the name of the executable, with an extension, but without a folder path:
The prefix may start with an exclamation point (!) to indicate negative criteria.
A comma (,) separates the prefix from the rest of the setting specification.
. . . [DefaultBox] OpenFilePath=iexplore.exe,%Favorites% ClosedFilePath=!iexplore.exe,%Favorites%
This combination means that Internet Explorer (iexplore.exe) has direct access to the Favorites folder and the shortcuts within it.
On the other hand, any other program (NOT iexplore.exe, note the exclamation point) is denied any kind of access to that same folder.